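/**
 * The description of the user pool client.
 */
export interface UserPoolClientDescription {
  /**
   * The ID of the client associated with the user pool.
   */
  ClientId?: string;
  /**
   * The user pool ID for the user pool where you want to describe the user pool
   * client.
   */
  UserPoolId?: string;
  /**
   * The client name from the user pool client description.
   */
  ClientName?: string;
}

/**
 * The time-unit strings accepted by the members of TokenValidityUnitsType.
 */
export declare const TimeUnitsType: {
  readonly DAYS: "days";
  readonly HOURS: "hours";
  readonly MINUTES: "minutes";
  readonly SECONDS: "seconds";
};
/**
 * Union of the string values held by the TimeUnitsType constant.
 */
export type TimeUnitsType = (typeof TimeUnitsType)[keyof typeof TimeUnitsType];

/**
 * The data type TokenValidityUnits specifies the time units you use when you set the
 * duration of ID, access, and refresh tokens.
 */
export interface TokenValidityUnitsType {
  // NOTE(review): the three member declarations below were missing from the
  // extracted listing (only their documentation survived). Names and types
  // follow the published SDK declaration; confirm against the package source.
  /**
   * A time unit of seconds, minutes, hours, or days for the value that you set
   * in the AccessTokenValidity parameter. The default AccessTokenValidity time
   * unit is hours. AccessTokenValidity duration can range from five minutes to
   * one day.
   */
  AccessToken?: TimeUnitsType;
  /**
   * A time unit of seconds, minutes, hours, or days for the value that you set
   * in the IdTokenValidity parameter. The default IdTokenValidity time unit is
   * hours. IdTokenValidity duration can range from five minutes to one day.
   */
  IdToken?: TimeUnitsType;
  /**
   * A time unit of seconds, minutes, hours, or days for the value that you set
   * in the RefreshTokenValidity parameter. The default RefreshTokenValidity time
   * unit is days. RefreshTokenValidity duration can range from 60 minutes to 10
   * years.
   */
  RefreshToken?: TimeUnitsType;
}

/**
 * Contains information about a user pool client.
 */
export interface UserPoolClientType {
  /**
   * The user pool ID for the user pool client.
   */
  UserPoolId?: string;
  /**
   * The client name from the user pool request of the client type.
   */
  ClientName?: string;
  /**
   * The ID of the client associated with the user pool.
   */
  ClientId?: string;
  /**
   * The client secret from the user pool request of the client type.
   *
   * Treat this value as a credential: the client credentials grant documented
   * under AllowedOAuthFlows authenticates with the client ID and this secret,
   * so keep it out of logs and out of code that ships to end users.
   */
  ClientSecret?: string;
  /**
   * The date and time, in ISO 8601 format, when the item was modified.
   */
  LastModifiedDate?: Date;
  /**
   * The date and time, in ISO 8601 format, when the item was created.
   */
  CreationDate?: Date;
  /**
   * The refresh token time limit. After this limit expires, your user can't use
   * their refresh token. To specify the time unit for RefreshTokenValidity as
   * seconds, minutes, hours, or days, set a TokenValidityUnits value in your
   * API request.
   *
   * For example, when you set RefreshTokenValidity as 10 and TokenValidityUnits
   * as days, your user can refresh their session and retrieve new access and ID
   * tokens for 10 days.
   *
   * The default time unit for RefreshTokenValidity in an API request is days.
   * You can't set RefreshTokenValidity to 0. If you do, Amazon Cognito overrides
   * the value with the default value of 30 days. Valid range is displayed below
   * in seconds.
   *
   * If you don't specify otherwise in the configuration of your app client, your
   * refresh tokens are valid for 30 days.
   *
   * Because a refresh token can be exchanged for new access and ID tokens for
   * this whole period, the value also bounds how long a leaked refresh token
   * remains useful.
   */
  RefreshTokenValidity?: number;
  /**
   * The access token time limit. After this limit expires, your user can't use
   * their access token. To specify the time unit for AccessTokenValidity as
   * seconds, minutes, hours, or days, set a TokenValidityUnits value in your
   * API request.
   *
   * For example, when you set AccessTokenValidity to 10 and TokenValidityUnits
   * to hours, your user can authorize access with their access token for 10
   * hours.
   *
   * The default time unit for AccessTokenValidity in an API request is hours.
   * Valid range is displayed below in seconds.
   *
   * If you don't specify otherwise in the configuration of your app client, your
   * access tokens are valid for one hour.
   */
  AccessTokenValidity?: number;
  /**
   * The ID token time limit. After this limit expires, your user can't use
   * their ID token. To specify the time unit for IdTokenValidity as seconds,
   * minutes, hours, or days, set a TokenValidityUnits value in your API request.
   *
   * For example, when you set IdTokenValidity as 10 and TokenValidityUnits as
   * hours, your user can authenticate their session with their ID token for 10
   * hours.
   *
   * The default time unit for IdTokenValidity in an API request is hours.
   * Valid range is displayed below in seconds.
   *
   * If you don't specify otherwise in the configuration of your app client, your
   * ID tokens are valid for one hour.
   */
  IdTokenValidity?: number;
  /**
   * The time units used to specify the token validity times of each token type: ID,
   * access, and refresh.
   */
  TokenValidityUnits?: TokenValidityUnitsType;
  /**
   * The Read-only attributes.
   */
  ReadAttributes?: string[];
  /**
   * The writeable attributes.
   */
  WriteAttributes?: string[];
  // NOTE(review): the declarations of ExplicitAuthFlows, SupportedIdentityProviders,
  // AllowedOAuthFlows, AllowedOAuthScopes and AllowedOAuthFlowsUserPoolClient were
  // missing from the extracted listing (their documentation had run together).
  // Names and types follow the published SDK declaration; ExplicitAuthFlowsType
  // and OAuthFlowType are declared outside this listing. Confirm against the
  // package source.
  /**
   * The authentication flows that you want your user pool client to support. For
   * each app client in your user pool, you can sign in your users with any
   * combination of one or more flows, including with a user name and Secure
   * Remote Password (SRP), a user name and password, or a custom authentication
   * process that you define with Lambda functions.
   *
   * If you don't specify a value for ExplicitAuthFlows, your user client supports
   * ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
   *
   * Valid values include:
   *
   * - ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password
   *   authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the
   *   ADMIN_NO_SRP_AUTH setting. With this authentication flow, your app passes
   *   a user name and password to Amazon Cognito in the request, instead of
   *   using the Secure Remote Password (SRP) protocol to securely transmit the
   *   password.
   * - ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.
   * - ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In
   *   this flow, Amazon Cognito receives the password in the request instead of
   *   using the SRP protocol to verify passwords.
   * - ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.
   * - ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.
   *
   * In some environments, you will see the values ADMIN_NO_SRP_AUTH,
   * CUSTOM_AUTH_FLOW_ONLY, or USER_PASSWORD_AUTH. You can't assign these legacy
   * ExplicitAuthFlows values to user pool clients at the same time as values
   * that begin with ALLOW_, like ALLOW_USER_SRP_AUTH.
   *
   * The two password flows place the password itself in the request, so every
   * component that handles that request sees it; enable them only for clients
   * that cannot use ALLOW_USER_SRP_AUTH.
   */
  ExplicitAuthFlows?: ExplicitAuthFlowsType[];
  /**
   * A list of provider names for the IdPs that this client supports. The
   * following are supported: COGNITO, Facebook, Google, SignInWithApple,
   * LoginWithAmazon, and the names of your own SAML and OIDC providers.
   */
  SupportedIdentityProviders?: string[];
  /**
   * A list of allowed redirect (callback) URLs for the IdPs.
   *
   * A redirect URI must:
   *
   * - Be an absolute URI.
   * - Be registered with the authorization server.
   * - Not include a fragment component.
   *
   * See OAuth 2.0 - Redirection Endpoint.
   *
   * Amazon Cognito requires HTTPS over HTTP except for http://localhost for
   * testing purposes only.
   *
   * App callback URLs such as myapp://example are also supported.
   */
  CallbackURLs?: string[];
  /**
   * A list of allowed logout URLs for the IdPs.
   */
  LogoutURLs?: string[];
  /**
   * The default redirect URI. Must be in the CallbackURLs list.
   *
   * A redirect URI must:
   *
   * - Be an absolute URI.
   * - Be registered with the authorization server.
   * - Not include a fragment component.
   *
   * See OAuth 2.0 - Redirection Endpoint.
   *
   * Amazon Cognito requires HTTPS over HTTP except for http://localhost for
   * testing purposes only.
   *
   * App callback URLs such as myapp://example are also supported.
   */
  DefaultRedirectURI?: string;
  /**
   * The allowed OAuth flows.
   *
   * - code: Use a code grant flow, which provides an authorization code as the
   *   response. This code can be exchanged for access tokens with the
   *   /oauth2/token endpoint.
   * - implicit: Issue the access token (and, optionally, ID token, based on
   *   scopes) directly to your user.
   * - client_credentials: Issue the access token from the /oauth2/token
   *   endpoint directly to a non-person user using a combination of the client
   *   ID and client secret.
   *
   * With the implicit flow the tokens are handed to the user directly instead of
   * being exchanged at /oauth2/token; enable it only for clients that cannot
   * use the code grant.
   */
  AllowedOAuthFlows?: OAuthFlowType[];
  /**
   * The OAuth scopes that your app client supports. Possible values that OAuth
   * provides are phone, email, openid, and profile. Possible values that Amazon
   * Web Services provides are aws.cognito.signin.user.admin. Amazon Cognito also
   * supports custom scopes that you create in Resource Servers.
   */
  AllowedOAuthScopes?: string[];
  /**
   * Set to true to use OAuth 2.0 features in your user pool app client.
   *
   * AllowedOAuthFlowsUserPoolClient must be true before you can configure the
   * following features in your app client.
   *
   * - CallbackURLs: Callback URLs.
   * - LogoutURLs: Sign-out redirect URLs.
   * - AllowedOAuthScopes: OAuth 2.0 scopes.
   * - AllowedOAuthFlows: Support for authorization code, implicit, and client
   *   credentials OAuth 2.0 grants.
   *
   * To use OAuth 2.0 features, configure one of these features in the Amazon
   * Cognito console or set AllowedOAuthFlowsUserPoolClient to true in a
   * CreateUserPoolClient or UpdateUserPoolClient API request. If you don't set a
   * value for AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs,
   * it defaults to false.
   */
  AllowedOAuthFlowsUserPoolClient?: boolean;
  // NOTE(review): the extracted listing breaks off after the documentation of
  // AllowedOAuthFlowsUserPoolClient; check the full declaration for any members
  // that follow it.
}

/**
 * A container for information about the user pool.
 */
export interface UserPoolType {
  /**
   * The ID of the user pool.
   */
  Id?: string;
  /**
   * The name of the user pool.
   */
  Name?: string;
  /**
   * @deprecated
   *
   * The status of a user pool.
   */
  // StatusType is not declared in this listing; presumably it comes from
  // elsewhere in the same module.
  Status?: StatusType;
  /**
   * The date and time, in ISO 8601 format, when the item was modified.
   */
  LastModifiedDate?: Date;
  /**
   * The date and time, in ISO 8601 format, when the item was created.
   */
  CreationDate?: Date;
}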